Digital identity is broken. Can we fix it?

Digital identity is broken. Can we fix it?

Jeremy Newman

founder and executive director at ShowUp

Views 327

Digital identity is broken. Can we fix it?

14.12.2016 11:30 am

While we have all been enjoying a life online, an awkward truth threatens to wreck everything. It is this: a password is the same irrespective of who enters it. This means that when an organisation asks for passwords or other ‘memorable’ information for verification purposes, it is unable to tell the difference between their customer and an impostor.

So why do organisations persist in asking their customers to do something that a fraudster can also do?

Since ancient times passwords have played a role in keeping the enemy from the gates and telling friend from foe. The first use of passwords in the context of computer logins was in 1961 for an early multi-user computer system developed at MIT. Fast-forward to today, and people have to use passwords to interact with just about every supplier, government department and service on offer. Indeed, the way businesses verify customers has barely changed in over half a century.

The problem is that the dominant method of verifying people – testing their knowledge – was flawed from the outset, and it still is.

How we’ve lost our way

Given that passwords cannot distinguish between customer and fraudster, you might hope that this flaw is benign. But it’s worse than useless. By using knowledge-based authentication (KBA), organisations expose their customers to risk.

Knowledge-based authentication drives fraudsters to obtain data by whatever means they can, and then either use it to malicious ends themselves, or trade in it. Vast markets have opened up on the dark web where personal information is being bought, sold and collated, patiently tended in databases like shadow credit reference agencies. The value of this data to criminals lies in the fact that, armed with this data, organisations can be easily fooled. Let’s not forget that KBA is responsible for every phishing email that’s ever been sent.

The reality is that wherever access to a bank account, email account or indeed any online resource at all is controlled with a password, if you know it, so can the fraudsters. All knowledge can be shoulder-surfed, discovered, leaked, hacked, intercepted and (ahem!) guessed.

I believe that passwords persist in part because they give people the sense they have a secret. Until, that is, an organisation gets fooled and customers are left to deal with the resulting mess. They call it identity fraud, but really it’s corporate negligence on a global scale. We live in this Kafkaesque world where we all must jump through hoops to “prove who we are”, while the practice is widely known to be little short of a complete waste of time.

It’s time to change habits

The world is in desperate need of a way to tell the good guys from the bad guys. If it’s not knowledge, then what? What if we could find a means of differentiation that is already present in the population?

The assumption has always been that you cannot see your customer online. As the famous cartoon in the New Yorker had it - on the internet, nobody knows you’re a dog. However, in the past decade this assumption is no longer valid. For the first time nearly everyone has a camera phone with internet connectivity. Therefore it is now possible to draw upon the tried-and tested mechanism of visual identity, and the innate ability of people to recognise one another.

To harness visual identity is to build upon a foundation laid down over several millennia of human evolution. Using this powerful natural capability goes with the grain of everyday experience as opposed to against it. Visual identity is practised by around 7.2 billion people every day, and it manifestly works. Also, there’s no need to distribute anything – no secrets, no special hardware, or even documents.

After many attempts at fixing the problem by adding layers of complexity, we are about to turn full circle. Going back to our roots promises to make the job of the fraudster much harder, while making life much easier for the true customer. There’s an old saying, “People are the weakest link in security”. As ever, it depends on what organisations ask them to do.

Latest blogs

Nish Kotecha Finboot and Bryan Foss, NED, Visiting Professor at Bristol Business School and member of the FRC Audit & Assurance Council

How Listed Companies Can Use Blockchain to Prevent Auditing and Reporting Malpractice and Avoid Scandal

Not too long ago, there was very little to link Wirecard, the disgraced payments platform in Aschheim, Germany, with Boohoo, the fast-fashion online retailer in Leicester, England, but both have recently been embroiled in high-profile scandals. Read more »

Leon Muis Yolt Technology Services

The Time for Financial Services to Become Truly Digital is Now

The financial services industry looks set to change dramatically over the next couple of years in response to COVID-19. The pandemic has certainly highlighted some inefficiencies and weak spots in current processes for many businesses, such as those Read more »

Granville Turner Turner Little

The Lockdown Money Revolution

Many Brits have found that lockdown has been beneficial for their money, having cut back on personal spending and managing to put away some extra cash. According to eToro, Brits with unspent discretionary income are set to accumulate £75.5bn in Read more »

Sandra Higgins Sysnet Global Solutions

Are You ‘Prescribing’ the Right Security Solution to Your Merchants?

When it comes to leading a healthy lifestyle, eating the right food, taking regular exercise, and maintaining a positive mindset are key. However, despite these best intentions and practices, you still might not get all the nutrients your body needs Read more »

Robert Flowers DivideBuy

It Doesn’t Have to Be the End – How Retailers Can Grow in Light of COVID-19

It’s no news that the retail industry has been flipped on its head by the COVID-19 pandemic. Due to the lockdown, most in-store operations have been shut down, and nationwide furloughs, reduced pay and steady streams of income at risk have fuelled a Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel